CVE-2026-47899

CVE-2026-47899 affects Logseq via the Electron preload script, where an API method allows the renderer to invoke IPC handlers without proper path validation. This enables a JavaScript-executing attacker (e.g., via XSS or a malicious plugin) to read, write, or delete arbitrary files on the user’s ...

CVE-2026-9279

Logseq contains an IPC handler that lets the renderer execute shell commands. Although an allowlist restricts the command name (e.g., git, pandoc, grep), the argument string is concatenated with the command and passed to child_process.spawn with shell: true, allowing shell metacharacters to bypas...

CVE-2026-11793

CVE-2026-11793 describes a stack buffer overflow in 389 Directory Server’s 389-ds-base. The vulnerability occurs in the checkPrefix() function in pw.c, which copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute...

CVE-2026-11792

CVE-2026-11792 affects 389 Directory Server (389-ds-base). A heap buffer overflow occurs in auditlog.c, in the create_masked_entry_string() function, when audit logging uses a fixed-length password mask and the destination heap buffer lacks sufficient space. If a short cleartext password is logge...

CVE-2026-11790

The CVE-2026-11790 entry describes a vulnerability in 389 Directory Server’s PBKDF2-SHA256 password storage plugin where there is no upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user’s password hash can trigger excessive CPU usag...

CVE-2026-11789

Affected software : 389 Directory Server (389-ds-base). Vulnerable component : SMD5 password storage plugin. Root cause : unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read and LDAP server crash during authenticatio...

CVE-2026-11787

The CVE-2026-11787 entry concerns 389 Directory Server (389-ds-base). A heap buffer over-read occurs in the ldap_utf8prev() function when reading bytes before the start of a buffer during string filter parsing (via str2simple), which may influence internal filter processing behavior. Documented i...

CVE-2026-11788

The vulnerability CVE-2026-11788 affects 389 Directory Server (389-ds-base) in the dereference control plugin BER parser. The root cause is that the plugin does not check for BER allocation failures before using structures, enabling a null pointer/dereference scenario that can crash the LDAP serv...

CVE-2026-11786

CVE-2026-11786 affects the 389 Directory Server (389-ds-base). The issue is a heap-out-of-bounds read in the LDIF parser when processing attribute types with trailing semicolons during database import, traced to ldif parser function str2entry_state_information_from_type(). Consequences are descri...

CVE-2026-11785

The CVE-2026-11785 entry concerns 389 Directory Server (389-ds-base) with a type confusion in the SSO token extended operation handler. This flaw allows a partial leak of stack address information via LDAP responses to authenticated users, arising from ber_printf type confusion in the SSO token h...

CVE-2026-52907

The CVE-2026-52907 entry concerns the Linux kernel component media: rockchip: rkcif. The root cause is off-by-one errors in array handling, where comparisons were made with > instead of >=, risking reads beyond the end of arrays. The fix updates comparisons to use proper bounds checks and s...

CVE-2026-52906

CVE-2026-52906 (Linux kernel 9p/v9fs) : The issue arises from how 9p options are applied during mounts. After commit 1f3e4142, v9fs_apply_options() uses |= to combine new flags with those already set by v9fs_session_init(), which for 9P2000.L defaults to V9FS_ACCESS_CLIENT. When a user mounts wit...

CVE-2026-52905

The provided CVE-2026-52905 details a Linux kernel DAMON subsystem issue in mm/damon/core where a bug from damon_ctx->min_sz_region allowed damon_start() to emit non-power-of-two min_region_sz, despite an earlier fix for damon_commit_ctx(). The connected documents state that the path is now pr...

CVE-2026-52904

The CVE-2026-52904 entry covers a Linux kernel issue in drm/nouveau where nvkm_device leaks occur if aperture_remove_conflicting_pci_devices() fails during probe. The allocated nvkm_device from nvkm_device_pci_new() is not unwound on error, leaking both the device wrapper and the pci_enable_devic...

CVE-2026-46332

The CVE-2026-46332 issue affects the Linux kernel Greybus subsystem (gb-beagleplay) where cc1352_bootloader_rx() appends serdev data into a fixed rx_buffer without validating the chunk size against remaining space. This can allow an overflow when multiple packets arrive in one callback, leading t...

CVE-2026-46330

The CVE-2026-46330 entry concerns the Linux kernel TCP ULP support for SMC. The vulnerability arises when an active TCP socket is converted into an SMC socket by in-place modifications to core VFS structures (struct file, dentry, inode), violating VFS invariants that expect these structures to be...

CVE-2026-46329

The CVE-2026-46329 entry concerns the erofs filesystem in the Linux kernel. The underlying issue was handling end-of-filesystem conditions for file-backed mounts, where I/O requests beyond the filesystem end should be zeroed (as with loopback devices). The advisory indicates this has been resolve...

CVE-2026-46328

The CVE-2026-46328 entry concerns the Linux kernel AppArmor policy: fix rlimit for posix CPU timers. The issue arose because Posix CPU timers required an additional step beyond setting the rlimit, and the patch refactors the code to make clear which code sets the limit and to conditionally update...

CVE-2026-46327

In the Linux kernel dm subsystem, the vulnerability centers on dm_blk_report_zones checking for suspended state without holding locks, allowing a race where the device may be suspended immediately after the check. The fix moves the dm_suspended_md check to occur after dm_get_live_table, ensuring ...

CVE-2026-46326

CVE-2026-46326 affects the Linux kernel driver iio: pressure: mprls0025pa. The root cause is improper initialization of the spi_transfer structure, with the patch ensuring the spi_transfer struct is zeroed out before use. The impact is high (local access with potential to read uninitialized memor...

CVE-2026-46325

Summary (details from sources): CVE-2026-46325 affects the Linux kernel RDMA/rxe code, where iova-to-va conversion fails when MR page_size differs from system PAGE_SIZE. The bug arises because rxe_set_page() uses mr->page_size steps while the page_list holds PAGE_SIZE pages, and ib_sg_to_page(...

CVE-2026-7486

Netcad E-İmar is affected by CVE-2026-7486 (SQL injection) due to improper neutralization of special elements in SQL commands. The issue affects E-İmar versions from 2.10.1.0 up to (but not including) 3.0.2. The CVSS 3.1 base score is 9.8 (CRITICAL) with network attack vector, no privileges requi...

CVE-2026-46324

CVE-2026-46324 concerns the Linux kernel’s nf_tables netlink hook handling. The vuln is fixed by replacing use of list_del_rcu() for nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks to prevent concurrent dumpers from walking the list while it’s modified. A new helper was added...

CVE-2026-46323

CVE-2026-46323 affects the Linux kernel’s networking GRO path. The issue occurs in skb_gro_receive() where fragments can be copied between the source and GRO skbs without respecting zerocopy status, notably when SKBFL_MANAGED_FRAG_REFS is set. When this flag is present, pages in shinfo->frags ...

CVE-2026-46322

The CVE relates to the Linux kernel tun driver vulnerability CVE-2026-46322. When build_skb() fails inside tun_xdp_one(), the function returns -ENOMEM without freeing the allocated page for the frame, causing a memory leak of one page-frag chunk per failed build_skb() in a batch. The root cause i...

CVE-2026-46321

Summary. CVE-2026-46321 concerns the Linux kernel tun/tap with vhost-net, where a short-frame rejection path in tun_xdp_one() can leak memory pages. Specifically, when a frame is shorter than ETH_HLEN, tun_xdp_one() returns -EINVAL without freeing the page allocated by vhost_net_build_xdp(). tun_...

CVE-2026-46320

The CVE-2026-46320 vulnerability affects the Linux kernel tap driver where memory pages allocated for frames in vhost_net_xdp() are not freed on error paths. Specifically, tap_get_user_xdp() may reject frames shorter than ETH_HLEN (-EINVAL) or fail build_skb() (-ENOMEM), but both error paths jump...

CVE-2026-46319

The CVE-2026-46319 entry describes a race in the Linux kernel net/sched act_ct where rcu_read_lock is exited before refcount_inc_not_zero on ct_ft, allowing a UAF when ct_ft is freed during cleanup. This creates a local privilege-escalation risk as an attacker could observe or trigger the race wi...

CVE-2026-46318

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2026-11764

CVE-2026-11764 describes a data exposure where exporting all reusable media includes gift card secrets, even for users without permission to view gift cards. This indicates a permission boundary bypass, since the UI/API only reveal partial (first letters) of the secret, yet the export leaks full ...

CVE-2026-46317

CVE-2026-46317 concerns the Linux kernel KVM on arm64. A traversal of the array kvm->arch.nested_mmus[] occurs under kvm->mmu_lock, while kvm_vcpu_init_nested() reallocates the array and frees the old buffer with only kvm->arch.config_lock held. The fix moves the allocation outside the m...

CVE-2026-46316

A vulnerability in Linux kernel KVM for ARM64 (vgic-its) is resolved. The issue stemmed from vgic_its_invalidate_cache() traversing the per-ITS translation cache with xa_for_each() and dropping the cache’s reference on each entry using vgic_put_irq(), but it dropped the reference of the pointer r...

CVE-2017-20251

CVE-2017-20251 affects WordPress Insert PHP plugin versions prior to 3.3.1. The vulnerability is a PHP code injection via the REST API, allowing unauthenticated attackers to execute arbitrary PHP by injecting an insert_php shortcode through POST requests to wp-json/wp/v2/posts, enabling remote PH...

CVE-2017-20250

CVE-2017-20250 affects WordPress plugin Mac Photo Gallery 3.0 through a path traversal vulnerability in macdownload.php that allows unauthenticated attackers to download arbitrary files (e.g., wp-load.php) by manipulating the albid parameter. Reported impact includes potential high confidentialit...

CVE-2017-20248

CVE-2017-20248 affects the WordPress plugin Apptha Slider Gallery 1.0. It describes a path traversal vulnerability in asgallDownload.php that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) via the imgname parameter. CVSS scores in th...

CVE-2017-20249

The vulnerability CVE-2017-20249 affects the WordPress plugin Apptha Slider Gallery 1.0 . It contains an SQL injection via the albid parameter in GET requests, enabling unauthenticated attackers to execute arbitrary SQL and potentially extract sensitive database information, including user creden...

CVE-2017-20247

CVE-2017-20247 affects the WordPress plugin PICA Photo Gallery 1.0. It describes an SQL injection vulnerability where unauthenticated attackers can inject SQL via the aid parameter in GET requests to retrieve sensitive data (e.g., user credentials, table contents). The CVE notes high impact on co...

CVE-2017-20246

KittyCatfish 2.2 WordPress plugin contains a SQL injection vulnerability exploitable by unauthenticated attackers via an unescaped GET parameter. The vulnerability affects requests through kc_ad in base.css.php or kittycatfish.php, enabling extraction of database contents using boolean-based or t...

CVE-2017-20244

CVE-2017-20244 affects Wow Forms WordPress Plugin version 2.1. The vulnerability is an SQL injection in admin-ajax.php handling the send_mwp_form action, exploitable via an unescaped POST parameter mwpformid, allowing unauthenticated attackers to read arbitrary database information. Reported CVSS...

CVE-2017-20245

CVE-2017-20245 affects the Wow Viral Signups 2.1 WordPress plugin. It describes an SQL injection through the unescaped idsignup POST parameter in admin-ajax.php, allowing unauthenticated attackers to extract data from the database. CVSS 3.1 base score 8.2 (HIGH) and CVSS 4.0 base score 8.8 (HIGH)...

CVE-2017-20243

CVE-2017-20243 concerns the WordPress Car Park Booking Plugin. The initial report states a time-based SQL injection vulnerability in the plugin (version cited as of 17 Oct 2017) that allows unauthenticated attackers to manipulate database queries via the space_id parameter. By sending crafted GET...

CVE-2016-20065

CVE-2016-20065 concerns the WordPress plugin Product Catalog 8 1.2, which contains an SQL injection in the selectedCategory parameter. An unauthenticated attacker can POST to admin-ajax.php with the UpdateCategoryList action to run arbitrary SQL queries, enabling extraction of database informatio...

CVE-2016-20064

CVE-2016-20064 affects WP Vault 0.8.6.6, where an unauthenticated attacker can trigger a local file inclusion via an unescaped wpv-image GET parameter. The vulnerability allows traversal to access sensitive files (e.g., system configuration) due to improper handling in the include function. Accor...

CVE-2016-20063

CVE-2016-20063 affects Single Personal Message 1.0.3 WordPress Plugin. The vulnerability is an SQL injection in the message parameter, exploitable by authenticated users to run arbitrary SQL queries, potentially accessing sensitive database information and site configuration data. Attack vector i...

CVE-2016-20062

The CVE covers a SQL injection in the Simply Poll 1.4.1 WordPress plugin. Attackers can exploit an unauthenticated POST to admin-ajax.php using the spAjaxResults action with crafted pollid values to execute arbitrary SQL and read data from the WordPress database. Affected component: Simply Poll 1...

CVE-2026-2638

Technical details beyond the summary are not publicly available in the provided documents. Monitor for updates.

CVE-2026-39023

Technical details for CVE-2026-39023 are not publicly available in the provided documents; no affected products, roots, or mitigations are disclosed. Monitor for updates.

CVE-2026-49742

CVE-2026-49742 affects TYPO3 CMS where Backend users with file download permissions can access files from the FAL fallback storage via the Media Module. The fallback storage resolves paths relative to the server document root, potentially exposing sensitive files (e.g., log files). Affected versi...

CVE-2026-49741

CVE-2026-49741 concerns TYPO3 CMS where backend users with write access to the form_definition table can directly manipulate form definitions via DataHandler, bypassing Form Framework validation and permission checks. This enables injecting arbitrary form configurations and is associated with SQL...

CVE-2026-49740

TYPO3 CMS: Insecure deserialization in core API (VariableFrontend and Registry) allows crafting serialized payloads to trigger PHP Object Injection with local write access to the cache store or sys_registry table. Impact could lead to Remote Code Execution or other high-impact effects as per the ...